Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement OAuth 2 support #448

Merged
merged 18 commits into from
Feb 2, 2021
Merged

Implement OAuth 2 support #448

merged 18 commits into from
Feb 2, 2021

Conversation

alvarosanchez
Copy link
Member

Fixes #422
Fixes #428
Fixes #437

@alvarosanchez
Copy link
Member Author

@croudet feel free to review this PR if you want to

@sdelamo sdelamo self-requested a review February 1, 2021 05:02
@sdelamo sdelamo mentioned this pull request Feb 2, 2021
Merged
sdelamo
sdelamo approved these changes Feb 2, 2021
View reviewed changes
openapi/src/main/resources/templates/swagger-ui/oauth2-redirect.html Show resolved Hide resolved
openapi/src/main/java/io/micronaut/openapi/view/SwaggerUIConfig.java Outdated Show resolved Hide resolved
openapi/src/main/java/io/micronaut/openapi/view/SwaggerUIConfig.java Outdated Show resolved Hide resolved
openapi/src/main/java/io/micronaut/openapi/view/SwaggerUIConfig.java Show resolved Hide resolved
src/main/docs/guide/toc.yml Outdated Show resolved Hide resolved
src/main/docs/guide/oauth2.adoc Show resolved Hide resolved
src/main/docs/guide/oauth2.adoc Outdated Show resolved Hide resolved
src/main/docs/guide/oauth2.adoc Outdated Show resolved Hide resolved
@sdelamo
Copy link
Contributor

sdelamo commented Feb 2, 2021
edited
Loading

@alvarosanchez I've verified this works with a Amazon Cognito Oauth 2.0 application with a configuration such as:

micronaut:
  security:
    authentication: idtoken
    oauth2:
      clients:
        cognito:
          client-id: 'xxx'
          client-secret: 'yyy'
          openid:
            issuer: 'https://cognito-idp.us-east-1.amazonaws.com/poolIdChangeMe/'
    endpoints:
      logout:
        get-allowed: true

I had to override the IdTokenClaimsValidator because the token received by the swagger UI did not include the aud claim but the a claim with the client_id.

I've extracted several constants, if you think it is a bad idea because they make the code harder to read I can revert those changes easily.

@alvarosanchez
Copy link
Member Author

Thanks for the refactor. I didn't add constants because I didn't see them being much used in the project.

I tested myself with Okta, and it worked without any further customisation.

@alvarosanchez alvarosanchez merged commit 530914d into master Feb 2, 2021
@alvarosanchez alvarosanchez deleted the oauth2 branch February 2, 2021 08:56
@sdelamo sdelamo mentioned this pull request Feb 2, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sdelamo sdelamo sdelamo approved these changes

@graemerocher graemerocher Awaiting requested review from graemerocher

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@alvarosanchez @sdelamo